AI Security Operations Center
Category: security · imported
Installation
$ npx agenticloops install ai-soc-alert-triager

Summary
Nightly SOC loop: fuses security alerts, maps to MITRE ATT&CK, triages by severity, and runs purple-team drills.
- Runs nightly, on any harness.
- Uses skills: security, threat-intelligence, log-analysis, monitoring.
- Needs CLI: python; secrets: SIEM_API_KEY (checked at install; secrets are prompted, never stored in the file).
- Runs at the standard capability tier (balanced model); the harness picks the model.
What it does
Each night, collect and fuse security alerts from SIEM and log sources, investigate findings and map each to MITRE ATT&CK tactics and techniques, triage by severity, generate Hunt-as-Code hypotheses for high-severity findings, and run any scheduled purple-team simulation drills configured in the hunt schedule.
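The fuse, map and triage steps described above, as an added example that is not the ai-soc-alert-triager loop's own code: it runs offline over a handful of constructed SIEM alerts (no SIEM_API_KEY is used), groups them per host into time-windowed cases, deduplicates repeated rules, attaches ATT&CK tactic and technique ids from a small hypothetical rule-to-technique table, escalates a case one step when it spans two or more tactics, and emits a Hunt-as-Code style hypothesis for high and critical cases. The rule names, the alert field layout, the 30-minute window and the escalation heuristic are assumptions chosen for illustration; the ATT&CK ids (TA0006, TA0003, T1110, T1053, T1003) are real.

```python
"""Alert fusion, ATT&CK mapping and severity triage over constructed alerts.
Added illustration; not the loop's own implementation."""
from datetime import datetime, timedelta

# Constructed sample alerts in the shape a SIEM export might use (not real data).
SAMPLE_ALERTS = [
    {"id": "a1", "ts": "2024-05-01T01:12:00", "host": "ws-17", "rule": "brute_force_login", "severity": "medium"},
    {"id": "a2", "ts": "2024-05-01T01:13:30", "host": "ws-17", "rule": "brute_force_login", "severity": "medium"},
    {"id": "a3", "ts": "2024-05-01T01:20:00", "host": "ws-17", "rule": "new_scheduled_task", "severity": "low"},
    {"id": "a4", "ts": "2024-05-01T01:25:00", "host": "ws-17", "rule": "lsass_access", "severity": "high"},
    {"id": "a5", "ts": "2024-05-01T03:40:00", "host": "db-02", "rule": "new_scheduled_task", "severity": "low"},
    {"id": "a6", "ts": "2024-05-01T01:30:00", "host": "ws-09", "rule": "unknown_rule", "severity": "low"},
]

# Hypothetical rule -> (tactic id, tactic name, technique id). Rule names are
# constructed; the ATT&CK identifiers themselves are real.
RULE_TO_ATTACK = {
    "brute_force_login": ("TA0006", "Credential Access", "T1110"),
    "new_scheduled_task": ("TA0003", "Persistence", "T1053"),
    "lsass_access": ("TA0006", "Credential Access", "T1003"),
}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
RANK_TO_SEVERITY = {v: k for k, v in SEVERITY_RANK.items()}
WINDOW = timedelta(minutes=30)  # assumed fusion window


def _parse(ts):
    return datetime.fromisoformat(ts)


def fuse_alerts(alerts, window=WINDOW):
    """Group alerts per host into cases: an alert joins the host's open case when
    it falls within `window` of the previous alert on that host."""
    cases, open_case = [], {}
    for a in sorted(alerts, key=lambda x: (x["host"], _parse(x["ts"]))):
        host, ts = a["host"], _parse(a["ts"])
        case = open_case.get(host)
        if case and ts - case["last_ts"] <= window:
            case["alerts"].append(a)
            case["last_ts"] = ts
        else:
            case = {"host": host, "alerts": [a], "first_ts": ts, "last_ts": ts}
            open_case[host] = case
            cases.append(case)
    return cases


def enrich(case):
    """Deduplicate alerts by rule (keeping a count and the highest severity) and
    attach ATT&CK tactic/technique; rules without a mapping are listed as unmapped."""
    seen = {}
    for a in case["alerts"]:
        entry = seen.setdefault(a["rule"], {"rule": a["rule"], "count": 0, "severity": a["severity"]})
        entry["count"] += 1
        if SEVERITY_RANK[a["severity"]] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = a["severity"]
        tactic_id, tactic, technique = RULE_TO_ATTACK.get(a["rule"], (None, "Unmapped", None))
        entry.update(tactic_id=tactic_id, tactic=tactic, technique=technique)
    case["findings"] = list(seen.values())
    case["unmapped"] = sorted(f["rule"] for f in case["findings"] if f["technique"] is None)
    return case


def triage(case):
    """Case severity = highest finding severity, escalated one step when the case
    spans two or more ATT&CK tactics (a chain rather than one noisy rule)."""
    rank = max(SEVERITY_RANK[f["severity"]] for f in case["findings"])
    tactics = {f["tactic_id"] for f in case["findings"] if f["tactic_id"]}
    if len(tactics) >= 2:
        rank = min(rank + 1, SEVERITY_RANK["critical"])
    case["severity"] = RANK_TO_SEVERITY[rank]
    return case["severity"]


def hunt_hypothesis(case):
    """Hunt-as-Code style hypothesis for high/critical cases; None otherwise."""
    if SEVERITY_RANK[case["severity"]] < SEVERITY_RANK["high"]:
        return None
    techniques = sorted(f["technique"] for f in case["findings"] if f["technique"])
    return {
        "host": case["host"],
        "techniques": techniques,
        "hypothesis": f"If {case['host']} was compromised, related activity for "
                      f"{', '.join(techniques)} should appear on peer hosts within 24h",
        "query": f"host:{case['host']} OR technique:({' OR '.join(techniques)})",
    }


def run_triage(alerts=SAMPLE_ALERTS):
    """Full pass: fuse -> enrich -> triage, returning cases sorted most severe first."""
    cases = [enrich(c) for c in fuse_alerts(alerts)]
    for c in cases:
        triage(c)
    cases.sort(key=lambda c: -SEVERITY_RANK[c["severity"]])
    return cases


if __name__ == "__main__":
    for c in run_triage():
        print(c["host"], c["severity"], [(f["rule"], f["count"], f["technique"]) for f in c["findings"]],
              "unmapped:", c["unmapped"])
        h = hunt_hypothesis(c)
        if h:
            print("  HUNT:", h["hypothesis"])
```

On the constructed input the ws-17 burst collapses to three findings (the duplicate brute-force alert is counted, not reported twice), spans Credential Access and Persistence, and so is escalated from high to critical and receives a hunt hypothesis; the unmapped rule on ws-09 stays low but is surfaced in `unmapped` so the mapping table can be extended rather than silently ignored.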
LOOP.md
---
name: ai-soc-alert-triager
description: "AI Security Operations Center · Nightly SOC loop: fuses security alerts, maps to MITRE ATT&CK, triages by severity, and runs purple-team drills."
schedule: daily @ 02:00
skills: [security, threat-intelligence, log-analysis, monitoring]
requires:
  cli: [python]
  secrets: [SIEM_API_KEY]  # names only
tier: standard  # frontier | standard | fast
effort: medium
concurrency: skip
tags: [security, soc, ops, threat-intel]
license: MIT
---
Each night, collect and fuse security alerts from SIEM and log sources, investigate findings and map each to MITRE ATT&CK tactics and techniques, triage by severity, generate Hunt-as-Code hypotheses for high-severity findings, and run any scheduled purple-team simulation drills configured in the hunt schedule.